CVE-2007-3034

Description

Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.

Related CPE's

omicrosoftwindows_xp*sp2******

omicrosoftwindows_2000*sp4******

omicrosoftwindows_server_2003********

omicrosoftwindows_xp**professional_x64*****

omicrosoftwindows_2003_server*sp1******

omicrosoftwindows_2003_server*sp2******

References

TA07-226A

US Government Resource

VU#640136

US Government Resource

25302

Patch

1018563

26423

Vendor Advisory

ADV-2007-2870

Vendor Advisory

oval:org.mitre.oval:def:2088

MS07-046

20070814 EEYE: Windows Metafile AttemptWrite Heap Overflow

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:C/I:C/A:C

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

COMPLETE

IntegrityImpact

COMPLETE

AvailabilityImpact

COMPLETE

BaseScore

9.300000190734863

Created by Yello
About Severity.io